Candidate: CVE-2010-0731
PublicDate: 2010-03-26 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0731
 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230
Description:
 The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1,
 when running on big-endian, 64-bit platforms, calls the asn1_read_value
 with a pointer to the wrong data type and the wrong length value, which
 allows remote attackers to bypass the certificate revocation list (CRL)
 check and cause a stack-based buffer overflow via a crafted X.509
 certificate, related to extraction of a serial number.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=573028
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_gnutls11:
upstream_gnutls11: needs-triage
dapper_gnutls11: ignored (reached end-of-life)
hardy_gnutls11: DNE
intrepid_gnutls11: DNE
jaunty_gnutls11: DNE
karmic_gnutls11: DNE
devel_gnutls11: DNE

Patches_gnutls12:
upstream_gnutls12: released (1.2.1)
dapper_gnutls12: not-affected (1.2.9-2ubuntu1.7)
hardy_gnutls12: DNE
intrepid_gnutls12: DNE
jaunty_gnutls12: DNE
karmic_gnutls12: DNE
devel_gnutls12: DNE

Patches_gnutls13:
upstream_gnutls13: not-affected
dapper_gnutls13: DNE
hardy_gnutls13: not-affected (2.0.4-1ubuntu2.6)
intrepid_gnutls13: DNE
jaunty_gnutls13: DNE
karmic_gnutls13: DNE
devel_gnutls13: DNE

Patches_gnutls26:
upstream_gnutls26: not-affected
dapper_gnutls26: DNE
hardy_gnutls26: DNE
intrepid_gnutls26: not-affected (2.4.1-1ubuntu0.4)
jaunty_gnutls26: not-affected (2.4.2-6ubuntu0.1)
karmic_gnutls26: not-affected (2.8.3-2)
devel_gnutls26: not-affected (2.8.5-2)